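Техническая информация
Подписи разделов в этом фрагменте не сохранились. Ниже перечислены наблюдаемые артефакты: командные строки запускаемых процессов (taskkill.exe, cmd.exe, regsvr32.exe), пути к файлам (преимущественно в %TEMP%) и параметры поиска окон (ClassName/WindowName). Командные строки, оканчивающиеся на «...», по-видимому, приведены в усечённом виде. Судя по строкам с cmd.exe и regsvr32.exe, файл ..\JUyKJB.7fA собирается командой copy /b из частей, первая из которых содержит сигнатуру «MZ», и затем загружается через regsvr32.exe с ключом -S (без вывода сообщений). Такая последовательность команд может служить признаком для обнаружения.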
- '%WINDIR%\syswow64\taskkill.exe' -IM "<Имя файла>.exe" -f
- %TEMP%\wjlzegoso5i1q.exe
- %TEMP%\rarsfx1\iyxi.w6
- %TEMP%\rarsfx1\m_~ee.je9
- %TEMP%\rarsfx1\1dg3insh.8
- %TEMP%\juykjb.7fa
- nul
- %TEMP%\rarsfx1\1dg3insh.8
- %TEMP%\rarsfx1\iyxi.w6
- %TEMP%\rarsfx1\m_~ee.je9
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '%TEMP%\wjlzegoso5i1q.exe' /p3N5uxMV51WgRLo9AL~y5
- '%WINDIR%\syswow64\cmd.exe' /q /C tYpe "<Полный путь к файлу>"> ..\wjlZEGosO5I1Q.exe&& stARt ..\wjlZEGosO5I1Q.exe /p3N5uxMV51WgRLo9AL~y5 & if "" == "" for %V IN (...
- '%WINDIR%\syswow64\cmd.exe' /q /C tYpe "%TEMP%\wjlZEGosO5I1Q.exe"> ..\wjlZEGosO5I1Q.exe&& stARt ..\wjlZEGosO5I1Q.exe /p3N5uxMV51WgRLo9AL~y5 & if "/p3N5uxMV51WgRLo9AL~y5 " == ...
- '%WINDIR%\syswow64\cmd.exe' /Q /c eCho| seT /p = "MZ" >1dG3INSH.8 & COpy /b /Y 1DG3INSH.8 + iYXI.W6 + M_~Ee.Je9 ..\JUyKJB.7fA > nul &...
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" eCho"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" seT /p = "MZ" 1>1dG3INSH.8"
- '%WINDIR%\syswow64\regsvr32.exe' -S ..\JUyKJB.7Fa